def encrypt_msg(message, plain_tag, encoding, short_tag_length=2, verbose=False): if encoding == "base64": EncodeAES = lambda c, s: base64.b64encode(c.encrypt(pad(s))) else: EncodeAES = lambda c, s: encode(c.encrypt(pad(s))) session_key = Random.get_random_bytes(16) integrity_key = Random.get_random_bytes(20) sha = SHA256.new() sha.update(plain_tag) bit_long_tag = sha.digest() long_tag = base64.b64encode(bit_long_tag[0:16]) short_tag = long_tag[0:short_tag_length] session_integrity_payload = session_key + integrity_key aes = AES.new(bit_long_tag[16:32]) session_integrity_cipher = EncodeAES(aes, session_integrity_payload) aes = AES.new(session_key) message_cipher = EncodeAES(aes, message) if encoding == "base64": decoded_message_cipher = message_cipher else: decoded_message_cipher = decode(message_cipher) hmac = HMAC.new(integrity_key, digestmod=SHA) hmac.update(decoded_message_cipher) if encoding == "base64": integrity = base64.b64encode(hmac.digest()) else: integrity = encode(hmac.digest()) hoot = "#" + short_tag + " " + session_integrity_cipher + integrity + message_cipher if verbose: print "hoot:", hoot # print "Input (", len(message), "):", message # print "Output (", len(hoot), "):", hoot # print "#shorttag", 1 + len(short_tag) # print "space", 1 # print "Integrity", len(integrity) # print "Session Integrity Cipher text", len(session_integrity_cipher) # print "Message Cipher text", len(message_cipher) # TODO: What about date/time? return hoot
def decrypt_msg(hoot, plain_tag, encoding, verbose=False): if encoding == "base64": DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING) else: DecodeAES = lambda c, e: c.decrypt(decode(e)).rstrip(PADDING) # Removes the short tag before the cipher text hoot = re.sub(r"^#\S+ ", r"", hoot) if encoding == "base64": session_integrity_cipher = hoot[0:64] integrity = hoot[64:92] message_cipher = hoot[92:] else: session_integrity_cipher = hoot[0:35] integrity = hoot[35:50] message_cipher = hoot[50:] sha = SHA256.new() sha.update(plain_tag) bit_long_tag = sha.digest() aes = AES.new(bit_long_tag[16:32]) session_integrity_payload = DecodeAES(aes, session_integrity_cipher) session_key = session_integrity_payload[0:16] integrity_key = session_integrity_payload[16:36] hmac = HMAC.new(integrity_key, digestmod=SHA) if encoding == "base64": decoded_message_cipher = message_cipher else: decoded_message_cipher = decode(message_cipher) hmac.update(decoded_message_cipher) if encoding == "base64": integrity_computed = base64.b64encode(hmac.digest()) else: integrity_computed = encode(hmac.digest()) if integrity != integrity_computed: print "FAILURE: Integrity not preserved.", integrity, integrity_computed return aes = AES.new(session_key) message = DecodeAES(aes, message_cipher) if verbose: print "message:", message